If you’d like to set up different policies to use a password for fixed BitLocker data drives in Windows 11 or Windows 10, here’s how you can do it. You can configure the use of passwords for BitLocker fixed data drives using the Local Group Policy Editor and the Registry Editor. Use this guide to enable or disable passwords for fixed data drives, password complexity, and minimum password length.

How to set up passwords for fixed data drives in BitLocker

To configure the use of passwords for fixed data drives, follow these steps:

1. Search gpedit in the search box on the taskbar.
2. Click on a search result.
3. Go to BitLocker Drive Encryption > Fixed Data Drives in Computer configuration.
4. Double click on Configuring the use of passwords for fixed data drives parameter.
5. Choose Included option.
6. Check Require password for fixed data drive
7. Set the password complexity.
8. Select the minimum password length for the data hard drive.
9. Press GOOD button.

Let’s dive into these steps in detail.

To get started, find gpedit or gpedit.msc in the search box on the taskbar and click on an individual search result to open the Local Group Policy Editor on your computer. Then follow this path:

Computer Configuration > Administrative Templates > Windows Components > BitLocker Drive Encryption > Fixed Data Drives

On the right side you can see a parameter named Configure use of passwords for fixes data drives. You need to double click on this option and select Enabled option.

Next, you have three configuration options:

• Require password for fixed data drive: Check the box to enable it.
• Select the password complexity setting.
• Choose the minimum password length.

Finally click on OK button to save changes.

How to configure the use of passwords for fixed data drives using the registry

To configure the use of passwords for fixed data drives using the registry, follow these steps:

1. Press Win+R > type regedit and click on GOOD button.
2. Press Yes button.
3. Go to Microsoft in HKLM.
4. Right click Microsoft > New > Key and call it DPO.
5. Right click FVE > New > DWORD Value (32-bit).
6. Set the name to FDVPassphrase.
7. Double click on it to set the given value as one.
8. Repeat these steps to create three more REG_DWORD values.
9. Name them as FDVEnforcePassphrase, FDVPassphraseComplexity and FDVPassphraseLength.
10. Set the data value of FDVPassphrase to 1.
11. Set the FDVPassphraseLength data value from 6 to 20.
12. Set the data value of FDVPassphraseComplexity to 0, 1, or 2.
13. Restart your computer.

Let’s learn more about these steps.

First press Win+R to open the Run prompt, type regeditclick OK button and press the button Yes the ability to open the registry editor. Then follow this path:

HKEY_LOCAL_MACHINESOFTWAREPoliciesMicrosoft

Right click Microsoft > New > Key and set the name as FVE.

Right click FVE > New > DWORD (32-bit) Value and call it like FDVPasphrase.

Double click on it and set data value as one.

You will then need three more REG_DWORD values:

• FDVEnforcePassphrase: 1 to enable
• FDVPassphraseComplexity: 0/1/2
• FDVPassphraseLength: 6 to 20

Then double click on each REG_DWORD value and set these values ​​as above.

Finally, close all windows and restart your computer.

How can we apply BitLocker encryption?

To force BitLocker encryption on Windows 11/10, you need to use a PIN or password for a secure drive. To do this, you can use the Control Panel, Command Prompt, Windows PowerShell, or the Windows Terminal. In the Windows terminal you need to use this command: manage-bde -changepin C:.

How to enable Require additional authentication at startup?

To turn on Require additional authentication at startup for BitLocker, you must use the Local Group Policy Editor. To do this, go to BitLocker Drive Encryption > Operating System Drives. Double click on Require additional authentication at startup setting and select Included option. Then expand the dropdown menu and select Require initial PIN with TPM option. Press GOOD button to save changes.

It’s all! I hope this helped.